Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/1S0_Ud1FiJbWZBptn_PrMeZ35MQ.roa
File:                     1S0_Ud1FiJbWZBptn_PrMeZ35MQ.roa (raw, json)
Hash identifier:          20z+dU2laDKFyNd7A2Mbee622EXGr0wAFvjmZxsER74=
Subject key identifier:   D5:2D:3F:51:DD:45:88:96:D6:64:1A:6D:9F:F3:EB:31:E6:77:E4:C4
Certificate issuer:       /CN=845de8732b1017138f87032b70fa3b7b8776ef71
Certificate serial:       019302D9931DD03DCD2156ED0DEF93090913
Authority key identifier: 84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/1S0_Ud1FiJbWZBptn_PrMeZ35MQ.roa
Signing time:             Wed 06 Nov 2024 19:00:33 +0000
ROA not before:           Wed 06 Nov 2024 19:00:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        195.200.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:d9:93:1d:d0:3d:cd:21:56:ed:0d:ef:93:09:09:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845de8732b1017138f87032b70fa3b7b8776ef71
        Validity
            Not Before: Nov  6 19:00:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52d3f51dd458896d6641a6d9ff3eb31e677e4c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:49:ad:86:63:1a:5e:ee:85:8f:d9:bd:f5:61:
                    16:e7:30:54:d7:2f:5e:52:b0:71:bc:dc:8e:11:97:
                    90:97:3d:31:14:4d:07:1b:e2:95:10:19:d7:8e:18:
                    50:e7:ce:f1:9a:ee:71:97:ba:9b:73:8b:ed:74:10:
                    d6:ee:7d:5e:a3:09:ca:e3:60:e1:5d:d1:ed:42:3e:
                    9e:0f:d8:7d:4f:08:5f:21:02:cc:24:db:2c:4a:c1:
                    44:0a:db:77:7e:af:c0:8d:be:5d:93:da:26:3e:80:
                    06:37:4a:54:c7:35:e2:d1:b3:4c:09:ad:1a:1e:59:
                    89:2c:e9:b5:2e:40:54:ee:a4:f0:d3:3d:60:cb:30:
                    43:3a:c4:d4:af:34:80:7a:0f:3e:ae:4b:32:ad:b0:
                    e3:79:35:00:8d:5b:51:74:0f:2b:8f:5e:31:23:22:
                    b2:71:ea:2d:c0:b4:36:a2:9b:48:e2:73:66:db:d8:
                    10:19:d7:69:62:d4:8b:05:da:53:00:3c:df:e3:4d:
                    33:20:a2:c6:2d:76:b1:3b:a4:2a:db:52:94:e5:15:
                    85:7b:60:74:fe:df:8e:8c:29:9d:2b:fc:7f:c2:8d:
                    5e:ab:f5:d2:81:91:54:37:83:22:8d:b8:1c:fc:43:
                    78:97:24:db:39:e6:1e:97:22:fc:1a:ad:59:4c:d0:
                    5c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2D:3F:51:DD:45:88:96:D6:64:1A:6D:9F:F3:EB:31:E6:77:E4:C4
            X509v3 Authority Key Identifier:
                keyid:84:5D:E8:73:2B:10:17:13:8F:87:03:2B:70:FA:3B:7B:87:76:EF:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF3ocysQFxOPhwMrcPo7e4d273E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/1S0_Ud1FiJbWZBptn_PrMeZ35MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/9afb33-e0aa-493b-a46d-a885fb40d90d/1/hF3ocysQFxOPhwMrcPo7e4d273E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:40:67:9a:c7:b0:b6:ad:00:39:97:50:13:1a:0e:8b:ff:7a:
         a4:48:8b:fc:ff:2b:f9:dc:7f:e8:c5:ea:a5:45:d7:81:47:62:
         5b:29:4a:b6:86:bf:de:17:40:6a:5d:c3:5c:9e:f1:c5:fb:0c:
         9c:b1:7a:e4:5c:3f:32:72:ac:a0:e5:89:16:c3:90:59:72:e6:
         1f:59:7a:19:74:3d:84:5d:b5:91:93:eb:b5:63:12:15:d7:29:
         d5:56:b4:66:dd:01:d1:f3:99:18:0e:f6:d8:63:29:2e:92:65:
         95:89:ee:60:1a:e4:30:65:6e:b8:c0:b2:81:08:d5:8f:34:2b:
         2e:af:28:4e:c9:3b:b7:29:02:90:d7:f6:28:3e:c8:36:f4:4a:
         c5:fb:ef:30:af:c1:0b:74:aa:09:df:5a:af:d0:d3:6a:c6:7d:
         a7:81:68:0d:c2:9d:69:47:8f:2f:a2:bc:41:5e:93:08:e2:81:
         cd:83:cd:af:37:cc:05:d3:c2:b4:b1:2a:6d:e4:0c:f0:00:5a:
         f7:1c:5f:0b:4e:de:86:5b:1c:af:20:fb:5d:27:fe:eb:8f:7a:
         38:3e:d4:e9:79:7f:26:1d:ab:68:35:5f:78:1e:fa:f1:30:de:
         a3:34:2c:93:e1:e4:d3:c0:70:3b:7e:e0:0b:30:62:fe:8b:58:
         8b:96:2d:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMC2ZMd0D3NIVbtDe+TCQkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWRlODczMmIxMDE3MTM4Zjg3MDMyYjcwZmEzYjdiODc3
NmVmNzEwHhcNMjQxMTA2MTkwMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTJkM2Y1MWRkNDU4ODk2ZDY2NDFhNmQ5ZmYzZWIzMWU2NzdlNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kmthmMaXu6Fj9m99WEW5zBU1y9e
UrBxvNyOEZeQlz0xFE0HG+KVEBnXjhhQ587xmu5xl7qbc4vtdBDW7n1eownK42Dh
XdHtQj6eD9h9TwhfIQLMJNssSsFECtt3fq/Ajb5dk9omPoAGN0pUxzXi0bNMCa0a
HlmJLOm1LkBU7qTw0z1gyzBDOsTUrzSAeg8+rksyrbDjeTUAjVtRdA8rj14xIyKy
ceotwLQ2optI4nNm29gQGddpYtSLBdpTADzf400zIKLGLXaxO6Qq21KU5RWFe2B0
/t+OjCmdK/x/wo1eq/XSgZFUN4Mijbgc/EN4lyTbOeYelyL8Gq1ZTNBcrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUtP1HdRYiW1mQabZ/z6zHmd+TEMB8GA1UdIwQY
MBaAFIRd6HMrEBcTj4cDK3D6O3uHdu9xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQt
YTg4NWZiNDBkOTBkLzEvMVMwX1VkMUZpSmJXWkJwdG5fUHJNZVozNU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85YWZiMzMtZTBhYS00OTNiLWE0NmQtYTg4NWZiNDBkOTBk
LzEvaEYzb2N5c1FGeE9QaHdNcmNQbzdlNGQyNzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hfMA0G
CSqGSIb3DQEBCwUAA4IBAQBuQGeax7C2rQA5l1ATGg6L/3qkSIv8/yv53H/oxeql
RdeBR2JbKUq2hr/eF0BqXcNcnvHF+wycsXrkXD8ycqyg5YkWw5BZcuYfWXoZdD2E
XbWRk+u1YxIV1ynVVrRm3QHR85kYDvbYYykukmWVie5gGuQwZW64wLKBCNWPNCsu
ryhOyTu3KQKQ1/YoPsg29ErF++8wr8ELdKoJ31qv0NNqxn2ngWgNwp1pR48vorxB
XpMI4oHNg82vN8wF08K0sSpt5AzwAFr3HF8LTt6GWxyvIPtdJ/7rj3o4PtTpeX8m
HatoNV94HvrxMN6jNCyT4eTTwHA7fuALMGL+i1iLli0T
-----END CERTIFICATE-----